internal static async Task DenyAdminDeviceRequests(this IEnterpriseContext context, GetDeviceForAdminApproval[] devices) { var rq = new ApproveUserDevicesRequest(); foreach (var device in devices) { var deviceRq = new ApproveUserDeviceRequest { EnterpriseUserId = device.EnterpriseUserId, EncryptedDeviceToken = ByteString.CopyFrom(device.EncryptedDeviceToken.Base64UrlDecode()), DenyApproval = true, }; rq.DeviceRequests.Add(deviceRq); if (rq.DeviceRequests.Count == 0) { Console.WriteLine("No device to approve/deny"); } else { var rs = await context.Enterprise.Auth .ExecuteAuthRest <ApproveUserDevicesRequest, ApproveUserDevicesResponse>("enterprise/approve_user_devices", rq); if (rs.DeviceResponses?.Count > 0) { foreach (var approveRs in rs.DeviceResponses) { if (!approveRs.Failed) { continue; } if (context.Enterprise.TryGetUserById(approveRs.EnterpriseUserId, out var user)) { Console.WriteLine($"Failed to approve {user.Email}: {approveRs.Message}"); } } } context.DeviceForAdminApprovals = null; } } }
internal static async Task ApproveAdminDeviceRequests(this IEnterpriseContext context, GetDeviceForAdminApproval[] devices) { var dataKeys = new Dictionary <long, byte[]>(); foreach (var device in devices) { if (!dataKeys.ContainsKey(device.EnterpriseUserId)) { dataKeys[device.EnterpriseUserId] = context.UserDataKeys.TryGetValue(device.EnterpriseUserId, out var dk) ? dk : null; } } var toLoad = dataKeys.Where(x => x.Value == null).Select(x => x.Key).ToArray(); if (toLoad.Any() && context.EnterprisePrivateKey != null) { var dataKeyRq = new UserDataKeyRequest(); dataKeyRq.EnterpriseUserId.AddRange(toLoad); var dataKeyRs = await context.Enterprise.Auth.ExecuteAuthRest <UserDataKeyRequest, EnterpriseUserDataKeys>("enterprise/get_enterprise_user_data_key", dataKeyRq); foreach (var key in dataKeyRs.Keys) { if (key.UserEncryptedDataKey.IsEmpty) { continue; } try { var userDataKey = CryptoUtils.DecryptEc(key.UserEncryptedDataKey.ToByteArray(), context.EnterprisePrivateKey); context.UserDataKeys[key.EnterpriseUserId] = userDataKey; dataKeys[key.EnterpriseUserId] = userDataKey; } catch (Exception e) { Debug.WriteLine($"Data key decrypt error: {e.Message}"); } } } var rq = new ApproveUserDevicesRequest(); foreach (var device in devices) { if (!dataKeys.TryGetValue(device.EnterpriseUserId, out var dk)) { continue; } if (string.IsNullOrEmpty(device.DevicePublicKey)) { continue; } var devicePublicKey = CryptoUtils.LoadPublicEcKey(device.DevicePublicKey.Base64UrlDecode()); try { var deviceRq = new ApproveUserDeviceRequest { EnterpriseUserId = device.EnterpriseUserId, EncryptedDeviceToken = ByteString.CopyFrom(device.EncryptedDeviceToken.Base64UrlDecode()), EncryptedDeviceDataKey = ByteString.CopyFrom(CryptoUtils.EncryptEc(dk, devicePublicKey)) }; rq.DeviceRequests.Add(deviceRq); } catch (Exception e) { Debug.WriteLine(e.Message); } } if (rq.DeviceRequests.Count == 0) { Console.WriteLine("No device to approve/deny"); } else { var rs = await context.Enterprise.Auth.ExecuteAuthRest <ApproveUserDevicesRequest, ApproveUserDevicesResponse>("enterprise/approve_user_devices", rq); if (rs.DeviceResponses?.Count > 0) { foreach (var approveRs in rs.DeviceResponses) { if (!approveRs.Failed) { continue; } if (context.Enterprise.TryGetUserById(approveRs.EnterpriseUserId, out var user)) { Console.WriteLine($"Failed to approve {user.Email}: {approveRs.Message}"); } } } context.DeviceForAdminApprovals = null; } }
public static async Task ExecuteDeviceApprove(IAuthentication auth, IList <string> messages) { var keysRq = new EnterpriseDataCommand { include = new[] { "devices_request_for_admin_approval" } }; var rs = await auth.ExecuteAuthCommand <EnterpriseDataCommand, EnterpriseDataResponse>(keysRq); if ((rs.DeviceRequestForApproval?.Count ?? 0) == 0) { return; } var userDataKeys = new Dictionary <long, byte[]>(); foreach (var drq in rs.DeviceRequestForApproval) { if (!userDataKeys.ContainsKey(drq.EnterpriseUserId)) { userDataKeys[drq.EnterpriseUserId] = null; } } var dataKeyRq = new UserDataKeyRequest(); dataKeyRq.EnterpriseUserId.AddRange(userDataKeys.Keys); var dataKeyRs = await auth.ExecuteAuthRest <UserDataKeyRequest, EnterpriseUserDataKeys>("enterprise/get_enterprise_user_data_key", dataKeyRq); foreach (var key in dataKeyRs.Keys) { if (key.UserEncryptedDataKey.IsEmpty) { continue; } if (key.KeyTypeId != 2) { continue; } try { var userDataKey = CryptoUtils.DecryptEc(key.UserEncryptedDataKey.ToByteArray(), _enterprisePrivateKey); userDataKeys[key.EnterpriseUserId] = userDataKey; } catch (Exception e) { messages.Add($"Data key decrypt error: {e.Message}"); } } var approveDevicesRq = new ApproveUserDevicesRequest(); foreach (var drq in rs.DeviceRequestForApproval) { if (!userDataKeys.ContainsKey(drq.EnterpriseUserId) || userDataKeys[drq.EnterpriseUserId] == null) { continue; } var dataKey = userDataKeys[drq.EnterpriseUserId]; var devicePublicKey = CryptoUtils.LoadPublicEcKey(drq.DevicePublicKey.Base64UrlDecode()); var encDataKey = CryptoUtils.EncryptEc(dataKey, devicePublicKey); var approveRq = new ApproveUserDeviceRequest { EnterpriseUserId = drq.EnterpriseUserId, EncryptedDeviceToken = ByteString.CopyFrom(drq.EncryptedDeviceToken.Base64UrlDecode()), EncryptedDeviceDataKey = ByteString.CopyFrom(encDataKey), DenyApproval = false, }; approveDevicesRq.DeviceRequests.Add(approveRq); } if (approveDevicesRq.DeviceRequests.Count == 0) { return; } var approveRs = await auth.ExecuteAuthRest <ApproveUserDevicesRequest, ApproveUserDevicesResponse>("enterprise/approve_user_devices", approveDevicesRq); foreach (var deviceRs in approveRs.DeviceResponses) { var message = $"Approve device for {deviceRs.EnterpriseUserId} {(deviceRs.Failed ? "failed" : "succeeded")}"; Debug.WriteLine(message); messages.Add(message); } }